WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a .lnk. extension, which bypasses WFTPD’s check for a .lnk extension.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Wftpd | Texas_imperial_software | 2.4.1 | 2.4.1 |
Wftpd | Texas_imperial_software | 2.4.1_rc11 | 2.4.1_rc11 |
Wftpd | Texas_imperial_software | 2.4.1_rc12 | 2.4.1_rc12 |
Wftpd | Texas_imperial_software | 2.40 | 2.40 |
Wftpd | Texas_imperial_software | 2.41_rc14 | 2.41_rc14 |
Wftpd | Texas_imperial_software | 2.41_rc14 | 2.41_rc14 |
Wftpd | Texas_imperial_software | 3.0 | 3.0 |
Wftpd | Texas_imperial_software | 3.0 | 3.0 |
Wftpd | Texas_imperial_software | 3.0_0r3 | 3.0_0r3 |
Wftpd | Texas_imperial_software | 3.0_0r4 | 3.0_0r4 |
Wftpd | Texas_imperial_software | 3.0_0r4 | 3.0_0r4 |
Wftpd | Texas_imperial_software | 3.0_0r5 | 3.0_0r5 |
Wftpd | Texas_imperial_software | 3.0_0r5 | 3.0_0r5 |